Example usage for org.springframework.security.config.annotation.web.builders HttpSecurity authorizeRequests

Introduction

In this page you can find the example usage for org.springframework.security.config.annotation.web.builders HttpSecurity authorizeRequests.

Prototype

public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests()
        throws Exception

Source Link

Document

Allows restricting access based upon the HttpServletRequest using <h2>Example Configurations</h2> The most basic example is to configure all URLs to require the role "ROLE_USER".

Usage

From source file:org.fon.documentmanagementsystem.config.security.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/resources/**").permitAll().antMatchers("/subsystems/**")
            .hasAuthority("SUPERADMIN").antMatchers("/admins/adm/**").hasAuthority("SUPERADMIN")
            .antMatchers("/admins/usr/**").hasAuthority("ADMIN").antMatchers("/processes/adm/**")
            .hasAuthority("ADMIN").antMatchers("/processes/usr/**").hasAuthority("USER")
            .antMatchers("/documenttypes/**").hasAuthority("ADMIN").antMatchers("/activity/adm/**")
            .hasAuthority("ADMIN").antMatchers("/activity/user/**").hasAuthority("USER")
            .antMatchers("/documents/**").hasAuthority("USER")
            //                .antMatchers("/api/processes/**").hasAuthority("ADMIN")
            //                .antMatchers("/api/processes/**").hasAuthority("USER")
            .anyRequest().authenticated().and().exceptionHandling().accessDeniedPage("/403").and().formLogin()
            .loginPage("/login").permitAll().and().logout().logoutUrl("/logout").logoutSuccessUrl("/login")
            .and().csrf().disable();/*from w w w . j  av a2  s . c  o  m*/

}

From source file:com.ucrisko.libroomreserve.config.WebSecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            //.antMatchers(HttpMethod.GET, "/users").authenticated()
            .anyRequest().permitAll().and().formLogin().loginPage("/signin").successHandler(authSuccess)
            .failureHandler(authFailure).and().logout().permitAll().and()
            .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class).csrf()
            .csrfTokenRepository(csrfTokenRepository());
}

From source file:org.watterssoft.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests()
            .antMatchers("/resources/**", "/signup", "/about", "/jquery/**", "/js/**", "/logout").permitAll()
            .antMatchers("/admin/**").hasRole("ADMIN").antMatchers("/db/**")
            .access("hasRole('ROLE_ADMIN') and hasRole('ROLE_DBA')").anyRequest().authenticated().and()
            .formLogin().loginPage("/login").defaultSuccessUrl("/").permitAll();
    http.csrf().disable();/* w  ww .  j  a v a  2  s  .c  o  m*/
}

From source file:br.com.fpu.eiiv.qrcode.WebSecurityConfiguration.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http.authorizeRequests().antMatchers("/**").hasRole("USER").and().httpBasic().and().csrf().disable();
    // @formatter:on
}

From source file:org.fede.calculator.web.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests().antMatchers("/secure/**").access("isFullyAuthenticated()").and().formLogin()
            .loginPage("/loginPage").loginProcessingUrl("/login").and().headers().contentTypeOptions().disable()
            .and().logout().logoutUrl("/logout").logoutSuccessUrl("/").invalidateHttpSession(true).and()
            .rememberMe().useSecureCookie(true);
}

From source file:com.redhat.rhtracking.config.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/resources/**").permitAll().antMatchers("/**").hasRole("USER")
            .anyRequest().anonymous().and()
            //This will generate a login form if none is supplied.
            .formLogin();//  w w  w  .j  a v a2s  .  co  m
}

From source file:jp.pigumer.security.WebSecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/").permitAll().anyRequest().authenticated();
    http.addFilterAfter(exampleFilter(), BasicAuthenticationFilter.class);
    http.csrf().disable();/*from w w w.ja  va  2 s  .  c  om*/
}

From source file:de.dominikschadow.javasecurity.spring.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/*", "/resources/css/*").permitAll().antMatchers("/users/**")
            .hasRole("USER").and().formLogin().defaultSuccessUrl("/users/user").and().logout()
            .logoutSuccessUrl("/");
}

From source file:com.itn.configuration.SecurityConfiguration.java

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests().antMatchers("/", "/home").permitAll().antMatchers("/admin/**")
            .access("hasRole('ADMIN')").antMatchers("/user/**").access("hasRole('USER')")
            //      .and().formLogin(). To make default login page
            .and().formLogin().loginPage("/login")//to make custome login page
            .usernameParameter("username").passwordParameter("password").and().csrf().disable()//This line is optional
            .exceptionHandling().accessDeniedPage("/Access_Denied");//

}

From source file:io.gravitee.management.security.config.oauth2.OAuth2SecurityConfigurerAdapter.java

@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/**").access("#oauth2.hasScope('read')");
}